Unit5CrimeinCyberspace.doc

Crime in Cyberspace Summary:Some thoughts about crime prevention in cyberspace. Transcript:Robyn Williams: Last week, Ockhams Razor was presented by the Director of the Australian Institute of Criminology in Canberra, who reflected on his experience of being burgled, and how to design homes and businesses to avoid such an experience.This week we look at theft outside such physical structures: being robbed or otherwise interfered with in cyberspace. Theres plenty of risk, but what can you do about it? This is the Director of Research at the Institute, Peter Grabosky.Peter Grabosky: It has almost become trite to suggest that we are entering an age as significant and profound in its impact as was the Industrial Revolution. When you think about it, the convergence of computing and communications has already affected most, if not all, of the major institutions of society. It has created unprecedented opportunities for education, health services, recreation and commerce. Unfortunately, it has also created unprecedented opportunities for crime. It seems to me that identifying these vulnerabilities, and mobilising appropriate countermeasures will be one of the great challenges of the next century.This challenge is so great that it defies the capacity of law enforcement alone to control. Consequently, new forms of policing, involving the harnessing of non-government resources, will become essential. Given the fact that cyberspace knows no boundaries, and that computer crime often transcends national frontiers, effective countermeasures will also require a degree of international co-operation which is without precedent.Let me describe nine types of crime involving information systems as instruments and/or as targets.First is Theft of Information Services.The means of stealing telecommunications services are diverse, and include the cloning of cellular phones, counterfeiting of telephone cards, and unauthorised access to an organisations telephone switchboard. In one case, hackers were reported to have obtained access to the telephone facilities of Scotland Yard, and made over a million dollars worth of phone calls.Next are Communications in Furtherance of Criminal Conspiracies.Modern information systems clearly provide an effective means by which offenders can communicate in order to plan and execute their activities. There is evidence of information systems being used to facilitate organised drug trafficking, money laundering, child pornography and trade in weapons. Although the use of information facilities does not cause such illegal conduct to occur, it certainly enhances the speed and ease with which individuals may act together to plan and to execute criminal activity.Emerging technologies of encryption and high speed data transfer can greatly enhance the capacity of sophisticated criminal organisations, and place their communications outside the reach of police. Increasingly, police are encountering encrypted communications, and as cryptography becomes more widely accessible, I predict that its use to conceal criminal communications will increase markedly.Then we have a range of activities to which we collectively refer as Information Piracy, Counterfeiting and Forgery.Digital technology permits perfect reproduction of software, text, images, sound, and combinations of these - what we call multi-media content. The potential for copyright infringement, falsification of documents, and fabrication of negotiable instruments, has never been greater. It is now possible to download compact disks and feature films from the Internet. Copyright infringement can occur quickly and without difficulty, by anyone, from the comfort of your own home. But I would not encourage you to try it.Then we have Dissemination of Offensive Materials.Content considered by some to be objectionable exists in abundance in cyberspace. This includes, among much else, sexually explicit materials, racist propaganda, and instructions for the fabrication of incendiary and explosive devices. Information systems can also be used for harassing, threatening or intrusive communications, from the traditional obscene telephone call to its contemporary manifestation in cyber-stalking when persistent messages are sent to an unwilling recipient.Category five is what I call Electronic Money Laundering.For some time now, electronic funds transfers have assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Large financial institutions will no longer be the only ones with the ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed of light. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. Traditional underground banks, which have flourished in Asian countries for centuries, will enjoy even greater capacity through the use of information technology.Next is Electronic Vandalism and Terrorism.As never before, western industrial society is dependent upon complex data processing and information systems. Im sure you would agree that nowadays, almost everything depends upon software. Electric power generation, telecommunications, air traffic control, and financial systems all comprise what we call societys critical infrastructure. Damage to, or interference with, any of these systems can lead to catastrophic consequences. Whether motivated by curiosity, vindictiveness or greed, electronic intruders cause inconvenience at best, and have the potential for inflicting massive harm. Some commentators suggest that the very nature of warfare is changing. Defence planners around the world are investing substantially in information warfare: means of disrupting the information technology infrastructure of defence systems.Seventh is Sales and Investment Fraud.The use of the telephone for fraudulent sales pitches, deceptive charitable solicitations, or bogus investment overtures is a billion dollar a year industry around the world. Fraudulent sales and investment offers abound in cyberspace. Further developments in electronic marketing will provide new opportunities for the unscrupulous and new risks for the unwitting. The growing use of the Internet as a medium for sharemarket transactions provide unprecedented occasions for criminal exploitation.Next is Illegal Interception of Information.Developments in information technology provide new opportunities for electronic eavesdropping. From activities as time-honoured as the surveillance of an unfaithful spouse, to the newest forms of political and industrial espionage, information interception has increasing applications. Here again, we are beginning to see how technological developments create new vulnerabilities. The electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as broadcast antennas.And finally, we have Electronic Funds Transfer Fraud.The proliferation of electronic funds transfer systems will enhance the risk that such transactions may be intercepted and diverted. Criminals who are strategically situated and skilled enough to gain access to accounts have already succeeded in executing electronic ripoffs. The growth of electronic commerce and the move to a cashless society will provide even greater opportunities for sophisticated criminals.You can see that these forms of illegality are not necessarily mutually exclusive, and need not occur in isolation. Just as an armed robber might steal an automobile to facilitate a quick getaway, so too can one steal information services and use them for purposes of vandalism, fraud, extortion, or in furtherance of other criminal conspiracies.And remember, any one of them can be committed from the other side of the world as easily as it can from ones own city. Conversely, one can break the law somewhere on the other side of the globe from ones own bedroom.Moreover, there may be a lack of agreement between authorities in different jurisdictions about whether or not the activity in question is criminal at all. If an online financial newsletter, originating in the Bahamas, contains fraudulent speculation about the prospects of a company whose shares are traded on the Australian Stock Exchange, where has the offence occurred?Other issues which may complicate investigation entail the logistics of search and seizure, the sheer volume of material within which incriminating evidence may be contained, and the encryption of information which may render it entirely inaccessible or accessible only after a massive application of decryption technology.Well, what to do about all these risks? All of this might appear formidable, but pulling the plug, and returning to the pre-digital age is no longer an option, because in a real sense, the genie is already out of the bottle. Not only do digital technologies provide us with specular opportunities, but the competitive nature of the global economy requires that we ride the wave of technology.As I see it, the fundamental challenge is to maximise the benefits which digital technology provides us, while minimising the downside risks.So, what can we do to control computer crime?First, we should emphasize prevention.It is a great deal more difficult to pursue an online offender to the ends of the earth than to prevent the offence in the first place. The trite homily that prevention is better than cure is nowhere more appropriate than in cyberspace. It applies no less to high technology crime than it does to residential burglary. Just as one would be most unwise to leave ones house unlocked when heading off to work in the morning, so too is it foolish to leave ones information systems accessible to unauthorised persons.It seems to me that the first step in the prevention of online crime is to raise awareness on the part of prospective victims to the risks which they face. Individuals and institutions should be made aware of the potential consequences of an attack on their information assets, and of the basic precautionary measures which they should take. Those businesses who stand to gain the most from electronic commerce have the greatest interest in developing secure payments systems. Technologies of computer security can provide significant protection against various forms of computer crime. But there are other, low technology measures which should also not be overlooked. Perhaps foremost among these is staff selection. Surveys of businesses reveal that ones own staff often pose a greater threat to ones information assets than do so-called outsiders. Disgruntled employees and former employees constitute a significant risk. Suffice it to say that great care should be taken when engaging and disengaging staff.Next, non-governmental resources should be harnessed whenever possible.Market forces will generate powerful influences in furtherance of electronic crime control. Given the immense fortunes which stand to be made by those who develop secure processes for electronic commerce, they hardly need any prompting from government. In some sectors, there are ample commercial incentives which can operate in furtherance of cyber-crime prevention. Information security promises to become one of the growth industries of the coming century. Some of the new developments in information security which have begun to emerge include technologies of authentication. The simple password for access to a computer system, vulnerable to theft or determination by other means, is being complemented or succeeded altogether by biometric authentication methods such as retinal imaging and voice or fingerprinting.Detection of unauthorised access to or use of computer systems can be facilitated by such technologies as artificial intelligence and neural networking, which can identify anomalous patterns of use according to time of day, and keystroke patterns.Next, we can enhance the Capacity of Law Enforcement.the continuing uptake of digital technology around the world means that law enforcement agencies will be required to keep abreast of rapidly developing technologies. As new technologies are exploited by criminals, it becomes even more important for law enforcement not to be left behind. This is a significant challenge, given the emerging trend for skilled investigators to be poached by the private sector. The collaboration of law enforcement with specialised expertise residing in the private sector will become a common feature in years to come.Finally, it is imperative to foster i